Caal
Monthly
Server-side request forgery in CoreWorxLab CAAL versions up to 1.6.0 enables unauthenticated remote attackers to make arbitrary HTTP requests from the server through the test-hass endpoint in webhooks.py. The vulnerability has publicly available exploit code and allows attackers to access internal resources, potentially leading to data exposure or further compromise of internal systems. EPSS data not available, not currently in CISA KEV despite public exploit availability.
Server-side request forgery in CoreWorxLab CAAL versions up to 1.6.0 enables unauthenticated remote attackers to make arbitrary HTTP requests from the server through the test-hass endpoint in webhooks.py. The vulnerability has publicly available exploit code and allows attackers to access internal resources, potentially leading to data exposure or further compromise of internal systems. EPSS data not available, not currently in CISA KEV despite public exploit availability.